The Log4j vulnerability has slowly begun to show its effects. Vendors that use the Log4j libraries continue to release updates for their products. One of them is VMware.
In its statement, VMware listed the affected products as follows:
- VMware Horizon
- VMware vCenter Server
- VMware HCX
- VMware NSX-T Data Center
- VMware Unified Access Gateway
- VMware Workspace ONE Access
- VMware Identity Manager
- VMware vRealize Operations
- VMware vRealize Operations Cloud Proxy
- VMware vRealize Log Insight
- VMware vRealize Automation
- VMware Telco Cloud Automation
- VMware Site Recovery Manager
- VMware Carbon Black Cloud Workload Appliance
- VMware Tanzu GemFire
- VMware Tanzu Greenplum
- VMware Tanzu Operations Manager
- VMware Tanzu Application Service for VMs
- VMware Tanzu Kubernetes Grid Integrated Edition
- VMware Tanzu Observability by Wavefront Nozzle
- Healthwatch for Tanzu Application Service
- Spring Cloud Services for VMware Tanzu
- Spring Cloud Gateway for VMware Tanzu
- Spring Cloud Gateway for Kubernetes
- API Portal for VMware Tanzu
- Single Sign-On for VMware Tanzu Application Service
Response Matrix:

Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
--- | --- | --- | --- | --- | --- | --- | --- | --- |
VMware Horizon | 8.x, 7.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87073 | None |
VMware vCenter Server | 7.x, 6.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware HCX | 4.x, 3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB86169 | None |
VMware NSX-T Data Center | 3.x, 2.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87086 | None |
VMware Unified Access Gateway | 21.x, 20.x, 3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Workspace ONE Access | 21.x, 20.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Identity Manager | 3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware vRealize Operations | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87076 | None |
VMware vRealize Operations Cloud Proxy | Any | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87080 | None |
VMware vRealize Log Insight | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware vRealize Automation | 8.x, 7.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Telco Cloud Automation | 2.x, 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Carbon Black Cloud Workload Appliance | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Site Recovery Manager | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Tanzu GemFire | 9.x, 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Article Number 13255 | None |
VMware Tanzu Greenplum | 6.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Article Number 13256 | None |
VMware Tanzu Operations Manager | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Tanzu Application Service for VMs | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Tanzu Kubernetes Grid Integrated Edition | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 3.0.3 | Workaround Pending | None |
Healthwatch for Tanzu Application Service | 2.x, 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.7, 1.8.6 | Workaround Pending | None |
Spring Cloud Services for VMware Tanzu | 3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
Spring Cloud Gateway for VMware Tanzu | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
Spring Cloud Gateway for Kubernetes | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
API Portal for VMware Tanzu | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
Single Sign-On for VMware Tanzu Application Service | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |

Source: https://www.vmware.com/security/advisories/VMSA-2021-0028.html